Android
Sunday 7 July 2013
Friday 5 July 2013
Android "Master Key" Security Hole Puts 99% of Devices Open For Hackers.
Android flaw made hackers take control of around 99% of android devices.
The Bluebox Security has discovered some bugs saying that 99% of the android devices released in and after 2009 have the major chances of getting exploited. This has been found around since Android v1.6 (Donut).
The issue has emerged because the android phones handles cryptographic verification of the programs and applications that are installed in the device. Android uses cryptographic signatures as the medium to check whether the program or application is legitimate and to make sure that it has not been tampered with. The flaw is worse and can allow a hacker to access all your arbitrary application data such as sms, emails, documents, passwords and stored accounts.
Installing a Trojan Application from unknown sources and third parties grants the application full access to the entire android system and all programs and applications that are currently installed but they are not given the permission to access the arbitrary data. Forristal explains this flaw in a very simple way. The flaw allows Application Package File(.apk) of the application to be changed without changing the cryptographic signature of the application which makes the application read as genuine and trusted even though it has been modified and altered by the hackers or been attacked by the malware.
The Bluebox alerts that if the device owner wants to download any application or program then they have to be very cautious in identifying the publisher of the application. It also intimates to download applications from Google PlayStore itself rather than downloading it from unknown sources. The Bluebox also advises all the android users to update their phone and all the applications timely.
This flaw still remains just theoretical because yet there is no evidence that it is been exploited by the hackers. All thanks to the Google who has already started taking measures by updating and modifying the applications of the PlayStore so that the applications that have been modified using this exploit are blocked and can no longer be distributed. But the applications downloaded from unknown sources still remain vulnerable.
www.google.com |
To contact the editor, e-mail: webblogs000@gmail.com
Thursday 4 July 2013
Subscribe to:
Posts (Atom)